General
Target: 4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb
Size: 1.3MB
Sample: 231012-r7fa8sgg43
MD5: 38c0044f99107f194b63f9fe29f45f58
SHA1: 252b6a6edfc1b97ceb999d563201ece039a11164
SHA256: 4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb
SHA512: e0724ee785f86706e6c041d8709d9de34a4536844942f558973cb24f231be2f0118b6ad3a67381b5545a266aabc0d8236237846295609406194f5924b4e32974
SSDEEP: 24576:px6d5CI3xqGvBSVbGM76eTSAdKIvY8Ss5VtX6rjs:G5CIBqkkN6eTSAQIQJKV4js
Static task: static1
Behavioral task: behavioral1
  Sample: 4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
  nash
  77.91.124.82:19071
  auth_value: 35b6b5194b4fd1ef78124b2387f0c668
Extracted: redline
  monik
  77.91.124.82:19071
  auth_value: da7d9ea0878f5901f1f8319d34bdccea
Targets
Target: 4243b819a4cacf20d035b5ea54043c3ca3e74f1ad4c5b00a36e7ff2972ffcacb (size and hashes as listed under General)
- Detects Healer, an antivirus-disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)